diff --git a/common/default.nix b/common/default.nix index 70050d0..2430901 100644 --- a/common/default.nix +++ b/common/default.nix @@ -5,7 +5,6 @@ ./environment.nix ./home-manager.nix ./nginx.nix - ./nixpkgs.nix ./openssh.nix ./security.nix ./zsh.nix diff --git a/common/nixpkgs.nix b/common/nixpkgs.nix deleted file mode 100644 index b11cac9..0000000 --- a/common/nixpkgs.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, pkgs, inputs, ... }: - -{ - nixpkgs = { - config = { - allowUnfree = true; - packageOverrides = pkgs: { - agenix = inputs.agenix.packages.${config.nixpkgs.hostPlatform.system}.default; - }; - }; - - overlays = [ inputs.nur.overlay ]; - }; -} diff --git a/common/sysadmin/default.nix b/common/sysadmin/default.nix index 3709583..5e0cdc0 100644 --- a/common/sysadmin/default.nix +++ b/common/sysadmin/default.nix @@ -8,8 +8,6 @@ in options.qenya.sysadmin.enable = mkEnableOption "Base configuration for headless servers"; config = mkIf cfg.enable { - time.timeZone = "Etc/UTC"; - # Allow remote deployment with colmena deployment.targetUser = null; security.sudo.wheelNeedsPassword = false; diff --git a/flake.nix b/flake.nix index 3ca3ae6..68f65da 100644 --- a/flake.nix +++ b/flake.nix @@ -27,15 +27,25 @@ nodeNixpkgs = { kalessin = import nixpkgs { system = "aarch64-linux"; }; # TODO: this should be generated from the host config somehow }; - specialArgs = { - inherit inputs; - }; }; - defaults = { name, nodes, ... }: { + defaults = { name, nodes, config, lib, pkgs, ... }: { networking.hostName = name; nix.settings.experimental-features = "nix-command flakes"; + nixpkgs.flake.source = nixpkgs; + nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; + + nixpkgs = { + config = { + allowUnfree = true; + packageOverrides = pkgs: { + agenix = agenix.packages.${config.nixpkgs.hostPlatform.system}.default; + }; + }; + + overlays = [ nur.overlay ]; + }; imports = [ home-manager.nixosModules.home-manager 
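Review bot: In flake.nix, `allowUnfree = true` and `overlays = [ nur.overlay ]` now sit in `defaults` with no comment, so every node, including the headless servers, is evaluated with unfree packages permitted and the community-maintained NUR set in scope. If only some hosts need them, setting both in those node blocks would keep third-party package sources out of the server configurations; otherwise a line such as `# all nodes need NUR and unfree for <reason>` above the `nixpkgs` attrset would record the decision. Removing `specialArgs` also means any module that still takes `inputs` as an argument will stop evaluating; only common/nixpkgs.nix is visibly retired here, so the rest of the tree is worth checking. The `pkgs:` argument of `packageOverrides` shadows the `pkgs` just added to the `defaults` signature, and `lib` and `pkgs` are unused in the lines shown. The `defaults` body continues past the end of the hunk.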
@@ -49,6 +59,7 @@ tohru = { name, nodes, ... }: { networking.hostId = "31da19c1"; + time.timeZone = "Europe/London"; deployment = { allowLocalDeployment = true; targetHost = null; # disallow remote deployment @@ -61,6 +72,7 @@ yevaud = { name, nodes, ... }: { networking.hostId = "09673d65"; + time.timeZone = "Etc/UTC"; deployment.targetHost = "yevaud.birdsong.network"; imports = [ @@ -70,6 +82,7 @@ orm = { name, nodes, ... }: { networking.hostId = "00000000"; + time.timeZone = "Etc/UTC"; deployment.targetHost = "orm.birdsong.network"; imports = [ @@ -79,6 +92,7 @@ kalessin = { name, nodes, ... }: { networking.hostId = "534b538e"; + time.timeZone = "Etc/UTC"; deployment = { targetHost = "kalessin.birdsong.network"; buildOnTarget = true; diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 73c578c..f248b63 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -11,6 +11,7 @@ boot.loader.systemd-boot.editor = false; age.secrets.wireguard-peer-tohru.file = ../../secrets/wireguard-peer-tohru.age; + birdsong.peering = { enable = true; privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; @@ -29,8 +30,6 @@ networking.networkmanager.enable = true; - time.timeZone = "Europe/London"; - i18n.defaultLocale = "en_GB.UTF-8"; console.keyMap = "uk";
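Review bot: In flake.nix, `time.timeZone = "Etc/UTC";` is now repeated in the yevaud, orm and kalessin hunks, and a server added later without that line gets whatever the NixOS default is instead of the UTC that the sysadmin module used to set for hosts that enabled it. Setting `time.timeZone = lib.mkDefault "Etc/UTC";` once in `defaults` and keeping only the `"Europe/London"` line on tohru would keep server log timestamps consistent, which matters when correlating events across hosts. Each node block continues outside its hunk.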